Last Man Standing

First Flight #45
Beginner Friendly, Foundry, Solidity
100 EXP
Submission Details
Impact: low
Likelihood: low
Invalid

Missing zero value check on `_newFeeIncreasePercentage`.

Description: According to the README.md: "It creates a competitive environment where players vie for the title of "King" by paying an increasing fee." This implies that every fee paid by a player should be greater than the previous payment. Currently, the `_newFeeIncreasePercentage` parameter can be set to 0.

Risk Level:

Impact: Low

  • While no funds are at risk, it does contradict the intended functionality of the protocol.

Likelihood: Low

  • This would only occur if the deployer decided to set _newFeeIncreasePercentage to zero.

Proof of Concept:

  1. Deployer updates the fee to zero

  2. Player 1 claims the throne

  3. Player 2 claims the throne

  4. Compare the fees paid by both players (they are the same)

Proof of Code:

Insert this into Game.t.sol:

```solidity
function test__FeeIncreasePercentageCanBeSetToZero() public {
    // Game starts with initial parameters
    // Deployer updates the fee increase percentage to zero
    vm.startPrank(deployer);
    game.updateClaimFeeParameters(0.1 ether, 0);
    vm.stopPrank();
    assertEq(game.feeIncreasePercentage(), 0, "Fee increase percentage should be updated to 0");

    // Player 1 claims throne
    vm.startPrank(player1);
    game.claimThrone{value: INITIAL_CLAIM_FEE}();
    vm.stopPrank();
    // Log the fee paid by player 1
    console2.log("Player 1 claimed throne with fee:", INITIAL_CLAIM_FEE);

    // Player 2 claims throne
    vm.startPrank(player2);
    game.claimThrone{value: INITIAL_CLAIM_FEE}();
    vm.stopPrank();
    // Log the fee paid by player 2
    console2.log("Player 2 claimed throne with fee:", INITIAL_CLAIM_FEE);

    // Assert that player 2 paid the same fee as player 1
    // (this compares two test constants; it does not read the fee back from the contract)
    assertEq(0.2 ether, INITIAL_CLAIM_FEE * 2, "Claim fee should remain the same at 0% increase");
}
```
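An added example, not part of the submission or the project's code: a self-contained Foundry file that turns the four steps above into regression tests for a non-zero percentage requirement. The `FeeModel` contract, its update rule `fee += fee * pct / 100` and the revert strings are assumptions made for illustration. The last test shows that integer division can still leave the fee unchanged at a non-zero percentage.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in for the game's fee logic; not the audited Game.sol.
contract FeeModel {
    uint256 public claimFee;
    uint256 public feeIncreasePercentage;
    constructor(uint256 _initialFee, uint256 _pct) {
        claimFee = _initialFee;
        setFeeIncreasePercentage(_pct);
    }

    // Zero is rejected and the upper bound of 100 is kept.
    function setFeeIncreasePercentage(uint256 _pct) public {
        require(_pct > 0 && _pct <= 100, "pct must be 1-100");
        feeIncreasePercentage = _pct;
    }

    // Assumed update rule: next fee = fee + fee * pct / 100 (integer division).
    function claim() external payable {
        require(msg.value >= claimFee, "fee too low");
        claimFee += (claimFee * feeIncreasePercentage) / 100;
    }
}

contract FeeModelTest is Test {
    function test_ZeroPercentageIsRejected() public {
        FeeModel m = new FeeModel(0.1 ether, 10);
        vm.expectRevert(bytes("pct must be 1-100"));
        m.setFeeIncreasePercentage(0);
    }

    // For any allowed percentage, the second claimant must owe strictly more.
    function testFuzz_FeeStrictlyIncreases(uint256 pct) public {
        pct = bound(pct, 1, 100);
        FeeModel m = new FeeModel(0.1 ether, pct);
        uint256 first = m.claimFee();
        m.claim{value: first}();
        assertGt(m.claimFee(), first, "fee did not increase");
    }

    // Edge case: a tiny fee rounds the increase to 0 despite a non-zero percentage.
    function test_RoundingCanStillFreezeFee() public {
        FeeModel m = new FeeModel(9, 10); // 9 wei * 10 / 100 == 0
        m.claim{value: 9}();
        assertEq(m.claimFee(), 9);
    }
}
```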

Recommended Mitigation: A solution here would be to update the logic in the modifier isValidPercentage to not allow zero values.

modifier isValidPercentage(uint256 _percentage) {
+ require(_percentage > 0 && _percentage <= 100, "Game: Percentage must be greater than 0 and less than or equal to 100.");
- require(_percentage <= 100, "Game: Percentage must be 0-100.");
_;
}
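Review bot: the `_percentage > 0` condition on the added `require` tightens the shared `isValidPercentage` modifier, so every parameter guarded by it would start rejecting zero, not only `_newFeeIncreasePercentage`. If the modifier is applied to any other percentage, a dedicated check on the fee increase parameter inside `updateClaimFeeParameters` keeps the change scoped to the behaviour described in the finding. The new revert string is also considerably longer than the one it replaces; a shorter message would state the same bound.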
Updates

Appeal created

inallhonesty Lead Judge about 2 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity